Navneet@aol.com.au created
- ABP Framework version: v9.0.1
- UI Type: MVC
- Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..) / MongoDB
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
Hello Team,
I have a security requirement: is there any way to assign IP addresses to an OpenIddictApplication so that requests are allowed or blocked based on IP?
If nothing is available out of the box, any guidance would be helpful, such as where I can debug incoming requests. It needs to be client-based, not global access control.
Thanks, Navneet
1 Answer(s)
https://abp.io/support/questions/8650/Limit-the-access-to-Application-in-MVC
It seems to be the same issue; you can override the password-grant handler in `TokenController.Password` and replace the login page model:
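/// <summary>
/// Token controller that rejects password-grant requests when the caller's IP
/// address is not permitted for the requesting OpenIddict client.
/// </summary>
/// <remarks>
/// Only the password grant is covered here. Other grant types are served by other
/// handlers of <c>TokenController</c> and need the same check if the restriction
/// must hold for every way a client can obtain a token.
/// </remarks>
public class MyTokenController : TokenController
{
    /// <summary>
    /// Runs the per-client IP check before delegating to the stock password-grant handling.
    /// </summary>
    /// <param name="request">The incoming OpenIddict token request.</param>
    /// <returns>
    /// The base handler's result when the IP is allowed; otherwise a Forbid result
    /// carrying an <c>invalid_grant</c> error.
    /// </returns>
    [UnitOfWork]
    protected override async Task<IActionResult> HandlePasswordAsync(OpenIddictRequest request)
    {
        var clientId = request.ClientId;

        // RemoteIpAddress is the TCP peer. Behind a reverse proxy or load balancer it is the
        // proxy's address unless forwarded-headers handling (UseForwardedHeaders) is configured
        // with an explicit list of trusted proxies; an X-Forwarded-For value accepted from an
        // untrusted peer is caller-controlled and must not drive this decision.
        var remoteIp = HttpContext.Connection.RemoteIpAddress;

        if (await IsClientIpAllowedAsync(clientId, remoteIp))
        {
            return await base.HandlePasswordAsync(request);
        }

        // Named placeholders so the structured log keeps the values; the original template
        // had no placeholder, so the username argument was dropped from the message.
        Logger.LogInformation(
            "IP not allowed for client {ClientId}, user {Username}, remote IP {RemoteIp}",
            clientId,
            request.Username,
            remoteIp);

        var errorDescription = "IP not allowed!";
        var properties = new AuthenticationProperties(new Dictionary<string, string>
        {
            [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
            [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = errorDescription
        });

        return Forbid(properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
    }

    /// <summary>
    /// PLACEHOLDER: decides whether <paramref name="remoteIp"/> is permitted for
    /// <paramref name="clientId"/>. The page does not show where the per-client
    /// allow/block list is stored, so the lookup is left to the implementer.
    /// </summary>
    /// <remarks>
    /// Implement this to fail closed: return <c>false</c> when the client id is missing,
    /// the client is unknown, or the remote address is <c>null</c>. Normalise IPv4-mapped
    /// IPv6 addresses before comparing them with stored entries.
    /// </remarks>
    private Task<bool> IsClientIpAllowedAsync(string clientId, System.Net.IPAddress remoteIp)
    {
        // Get the client from the repository and check the IP here. Until that is done the
        // endpoint throws rather than silently allowing every address.
        throw new System.NotImplementedException("Per-client IP check is not implemented.");
    }
}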
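/// <summary>
/// Login page model that refuses to render the normal login flow when the caller's IP
/// address is not permitted for the OpenIddict client that started the sign-in.
/// </summary>
/// <remarks>
/// This is a user-facing convenience, not the enforcement point: only the GET handler is
/// overridden, so the page's other handlers and the authorization/token endpoints still
/// need their own check for the restriction to hold.
/// </remarks>
[ExposeServices(typeof(LoginModel))]
[Dependency(ReplaceServices = true)]
public class MyCustomLoginModel : OpenIddictSupportedLoginModel
{
    public MyCustomLoginModel(
        IAuthenticationSchemeProvider schemeProvider,
        IOptions<AbpAccountOptions> accountOptions,
        IAbpRecaptchaValidatorFactory recaptchaValidatorFactory,
        IAccountExternalProviderAppService accountExternalProviderAppService,
        ICurrentPrincipalAccessor currentPrincipalAccessor,
        IOptions<IdentityOptions> identityOptions,
        IOptionsSnapshot<reCAPTCHAOptions> reCaptchaOptions,
        AbpOpenIddictRequestHelper openIddictRequestHelper)
        : base(
            schemeProvider,
            accountOptions,
            recaptchaValidatorFactory,
            accountExternalProviderAppService,
            currentPrincipalAccessor,
            identityOptions,
            reCaptchaOptions,
            openIddictRequestHelper)
    {
    }

    /// <summary>
    /// Resolves the requesting client from the return URL and shows an error alert instead
    /// of the normal login flow when the caller's IP is not allowed for that client.
    /// </summary>
    /// <returns>The base page result when allowed; otherwise the page with a danger alert.</returns>
    public override async Task<IActionResult> OnGetAsync()
    {
        // NOTE(review): presumably null when ReturnUrl does not carry an OpenIddict
        // authorization request; confirm against AbpOpenIddictRequestHelper.
        var openIddictRequest = await OpenIddictRequestHelper.GetFromReturnUrlAsync(base.ReturnUrl);
        var clientId = openIddictRequest?.ClientId;

        if (string.IsNullOrEmpty(clientId))
        {
            // No client is associated with this visit, so no client-based rule applies here.
            // Because ReturnUrl is caller-supplied, this path is reachable by anyone, which is
            // another reason the binding check belongs on the authorization/token endpoints.
            return await base.OnGetAsync();
        }

        // RemoteIpAddress is the TCP peer. Behind a reverse proxy or load balancer it is the
        // proxy's address unless forwarded-headers handling (UseForwardedHeaders) is configured
        // with an explicit list of trusted proxies.
        var remoteIp = HttpContext.Connection.RemoteIpAddress;

        if (await IsClientIpAllowedAsync(clientId, remoteIp))
        {
            return await base.OnGetAsync();
        }

        // The original logged `request.Username`, but no `request` exists in this method and
        // no username has been submitted on a GET; log the client and address instead.
        Logger.LogInformation(
            "IP not allowed for client {ClientId}, remote IP {RemoteIp}",
            clientId,
            remoteIp);

        Alerts.Danger(L["IPNotAllowed"]);
        return Page();
    }

    /// <summary>
    /// PLACEHOLDER: decides whether <paramref name="remoteIp"/> is permitted for
    /// <paramref name="clientId"/>. The page does not show where the per-client
    /// allow/block list is stored, so the lookup is left to the implementer.
    /// </summary>
    /// <remarks>
    /// Implement this to fail closed: return <c>false</c> when the client is unknown or the
    /// remote address is <c>null</c>. Normalise IPv4-mapped IPv6 addresses before comparing.
    /// </remarks>
    private Task<bool> IsClientIpAllowedAsync(string clientId, System.Net.IPAddress remoteIp)
    {
        // Get the client from the repository and check the IP here. Until that is done the
        // page throws rather than silently allowing every address.
        throw new System.NotImplementedException("Per-client IP check is not implemented.");
    }
}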